

Identity and Access Management: Are You Leaving Your Utility Exposed?


When it comes to protecting your data in the cloud, external hackers are often the first risk that comes to mind. Whether you picture someone breaking through a firewall or a malicious party infecting you with a virus—the emphasis is usually on a breach of your security perimeter.

External security is vital for the energy and infrastructure sector, but that focus means many utilities are overlooking a key issue: security breaches that originate from within.

Internally caused breaches are on the rise

According to a Forrester Research survey, internal breaches are the most commonly occurring cause of security incidents. Almost 40% of network security decision-makers indicated they had experienced an internal security breach in the past year.

While some employees act with criminal intent, thousands of serious incidents have also been caused by stolen or misused credentials. In fact, around 80% of hacking-related breaches leveraged stolen or weak employee credentials.

Some examples include:

  • Illinois water plant attack: attackers pulled usernames and passwords from the software vendor of the plant's SCADA system. Once the hackers gained access, they were able to exploit the utility's computer systems to damage equipment (a water pump).
  • Dragonfly 2.0 attacks: targeted phishing emails were directed at the energy sector, including rigged attachments that could steal credentials. Attackers gained access to vital systems, but did not take action.
  • US nuclear facility job seeker scam: criminals posing as job seekers sent resumes containing credential-harvesting malware to plant control engineers. The hackers succeeded in accessing business systems, although the intended goal was to gain access to safety and operational systems.

These utilities had gone to great lengths to ensure the security of their systems. Despite their efforts, they were all let down by identity and access management processes.

What is Identity and Access Management?

Identity and access management is the process responsible for managing the users who make use of IT services, data or other assets. Its role is to make sure that users “can access the right resources at the right times and for the right reasons.” These processes can also serve to identify behaviour that is out of the ordinary.

Measures implemented as part of an effective identity and access management process could have assisted in preventing the hacks listed above. For example, a two-factor authentication system could prevent criminal access using stolen credentials.

What are the issues?

Given the important role identity and access management plays in security, it’s surprising that many companies do not have adequate procedures in place. There are a myriad of reasons as to why:

  • Focus on perimeter security: Utilities are focusing on fortifying their perimeter, taking attention away from internal processes.
  • Vendor management: It can be difficult to properly assess the access management practices of vendors while balancing security with efficiency.
  • Complexity of Utility IT: More applications and internet-connected devices are being used than ever before, including third-party cloud applications. The growing complexity makes implementing access management processes difficult.
  • Poor password management: With too many applications to access, users start to write down / share credentials, increasing the risk of careless behaviour and opportunities for theft.

How can you protect your utility?

When moving to digital and remote operations, it’s extremely important that you don’t neglect identity and access management processes. At a minimum, your identity and access management processes should include:

  • Security monitoring: Processes in place to notify you if suspicious activity is detected.
  • Entitlement management systems: Applications that streamline entitlement management procedures.
  • Single sign-on: One log-in that enables users to access their applications and improve password management processes.
  • Two-factor authentication: In addition to a username and password, two-factor authentication requires something accessible only to the user, such as a personal phone message.
  • ISO 27001 certification: Validation that third-party providers adhere to international best practices for the protection of information, and that your processes are in compliance.

Are you managing access appropriately?

Even the most secure utilities are vulnerable to breaches, and with recent alerts issued by the Cybersecurity and Infrastructure Security Agency, it’s important to remain vigilant.

If you’re concerned about your identity and access management processes, don’t wait until it is too late to address them. If you have questions or comments about identity and access management – I’m happy to answer. Drop them in the comments below or feel free to message me directly.



Matt Chester on Oct 30, 2020

Even the most secure utilities are vulnerable to breaches, and with recent alerts issued by the Cybersecurity and Infrastructure Security Agency, it’s important to remain vigilant.

This is what remains nerve-wracking about this all-- the more the cybersecurity industry advances, so too does the technology and strategies of the nefarious actors. Cybersecurity isn't a static accomplishment, it's an ongoing effort!

Mark Damm on Nov 2, 2020

It is! But with all the advances in technology, we should be careful not to overlook the basics. Even the most stringent cybersecurity technology will be rendered useless if unprotected credentials fall into the wrong hands. That’s why access and identity management is so important.
